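# Hardening of Apache with PHP on an EL7 host (yum, firewalld, SELinux).
# Run as root. The steps are not idempotent, so review before re-running
# (a second run replaces httpd.conf.back with the already-stripped config).

# --- Packages ---------------------------------------------------------------
yum update -y
yum install epel-release -y
# NOTE(review): this release RPM is fetched over cleartext HTTP, and it is
# presumably the package that installs the third-party repo definition and its
# signing key. Fetch it over HTTPS or verify its signature/checksum out of
# band before installing, otherwise the repo's trust root is unauthenticated.
rpm -Uvh http://mirror.webtatic.com/yum/el7/webtatic-release.rpm
# NOTE(review): php70w is the PHP 7.0 branch, which no longer receives
# upstream security fixes; prefer a supported PHP branch where available.
yum install vim wget firewalld httpd mod_ssl php70w.x86_64 php70w-mcrypt policycoreutils-python -y

# --- Services and host firewall ---------------------------------------------
systemctl start httpd && systemctl enable httpd && systemctl status httpd
# Both 80/tcp and 443/tcp are opened. Nothing in this listing enforces
# HTTPS-only access: for that, leave the http service closed or add a
# redirect to HTTPS in the port-80 virtual host.
systemctl start firewalld && systemctl enable firewalld &&
  firewall-cmd --permanent --add-service=http --zone=public &&
  firewall-cmd --permanent --add-service=https --zone=public &&
  firewall-cmd --reload

# --- Default content --------------------------------------------------------
# Remove the packaged default content and welcome page so the server does not
# advertise a stock install. These are package-owned files; a later httpd
# package update may restore them.
rm -Rf /usr/share/httpd
rm -Rf /etc/httpd/conf.d/welcome.conf
# The original ran `touch index.php` in the current directory; the document
# root is presumably what was meant (confirm). With -Indexes set below, an
# empty document root would otherwise answer 403.
touch /var/www/html/index.php

# --- SELinux ----------------------------------------------------------------
# Rewrite the mode line whatever it currently says (the original only matched
# "disabled" and left "permissive" untouched). The change applies at the next
# boot; coming from "disabled", the filesystem also needs a full relabel.
sed -i 's/^SELINUX=.*/SELINUX=enforcing/' /etc/selinux/config

#HTTPS ACCESS ONLY
# Label the web root read-only for httpd.
# The original first ran, for the same path spec:
#   semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?"
# Two local rules for one spec conflict (the second -a is rejected or
# overrides, depending on the policycoreutils version), and a web root that
# httpd may write to lets a compromised PHP application modify the code being
# served. Grant httpd_sys_rw_content_t only to the directories that must be
# writable, e.g. (placeholder path):
#   semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/<writable-dir>(/.*)?"
semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"
# The closing quote was missing in the original, which broke every later line.
restorecon -R -v "/var/www/html"

# --- httpd.conf -------------------------------------------------------------
# Keep the stock file as a backup and rebuild httpd.conf without comments and
# blank lines. The " *#" alternative drops ANY line containing "#".
mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.back
sed '/^#\|^$\| *#/d' /etc/httpd/conf/httpd.conf.back > /etc/httpd/conf/httpd.conf

# NOTE(review): the original ran
#   sed -i 's/.*<Directory \/>.*/&\ni/' /etc/httpd/conf/httpd.conf
# which inserts a line containing only "i" inside <Directory />. httpd rejects
# that as an unknown directive and refuses to start, so it is left disabled
# here. The intended directive cannot be recovered from the page (presumably
# an Options/AllowOverride restriction -- confirm before adding one).

# Turn off directory listings, server-side includes, CGI execution and symlink
# following for /var/www and for the document root.
sed -i 's/.*<Directory "\/var\/www">.*/&\nOptions -Indexes -Includes -ExecCGI -FollowSymLinks/' /etc/httpd/conf/httpd.conf
sed -i '/<Directory "\/var\/www\/html">/,/<\/Directory>/s/Options Indexes FollowSymLinks/Options -Indexes -Includes -ExecCGI -FollowSymLinks/' /etc/httpd/conf/httpd.conf

# Insert global directives ahead of the conf.d include:
#   - ServerTokens Prod / ServerSignature Off: reduce version disclosure
#   - FileETag None, TraceEnable off, HostnameLookups Off
#   - response headers (these need mod_headers to be loaded)
#   - DEFLATE compression for text content types
# ServerName 127.0.0.1:80 is a placeholder; set the host's real name.
# X-XSS-Protection is a legacy header that current browsers ignore; a
# Content-Security-Policy is the maintained control for the same risk.
sed -i '/^IncludeOptional conf.d\/\*\.conf.*/i ServerName 127.0.0.1:80\nServerTokens Prod\nServerSignature Off\nFileETag None\nTraceEnable off\nHostnameLookups Off\nHeader always set X-Content-Type-Options nosniff\nHeader always set X-XSS-Protection "1; mode=block"\nHeader always append X-Frame-Options SAMEORIGIN\nAddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript' /etc/httpd/conf/httpd.conf

# Syntax-check the rewritten file now rather than finding out at the next
# restart that httpd will not come back up.
httpd -t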
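# Web Firewall
# =========================
# ModSecurity, its packaged core rule set, and mod_evasive, all from EPEL.
yum --enablerepo=epel install mod_security mod_evasive mod_security_crs -y
# Confirm both modules are really loaded; no output means the module is absent
# and the server is running without that layer.
httpd -M | grep evasive
httpd -M | grep security
# NOTE(review): check which mode SecRuleEngine is set to in the installed
# ModSecurity configuration -- in DetectionOnly mode it logs but does not block.
# Validate the configuration first so a bad directive does not take the site
# down on restart.
httpd -t && systemctl restart httpd && systemctl status httpd -l

# Manual step. The lines below are Apache directives, not shell commands:
# edit the end of /etc/httpd/conf/httpd.conf so that it reads
#
#   #ServerTokens Prod
#   #ServerSignature Off
#   ServerTokens Full
#   SecServerSignature "testserver"
#
# SecServerSignature replaces the Server response header, and ModSecurity
# only applies it when ServerTokens is Full. The trade-off: if mod_security
# ever fails to load, ServerTokens Full exposes the complete version banner,
# so after restarting httpd check the Server header of a live response.
# ServerSignature Off does not need to be commented out for this to work.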
# PHP
# ===============
# Apply the three php.ini settings in a single sed pass:
#   - short_open_tag = On   enables "<?" tags; this is an application
#                           compatibility setting, not a hardening measure
#   - expose_php = Off      stops PHP announcing itself in response headers
#   - display_errors = Off  keeps error details out of responses
# NOTE(review): with display_errors Off, confirm log_errors is enabled so
# failures still reach a log that someone reviews.
sed -i \
  -e 's/short_open_tag = .*/short_open_tag = On/' \
  -e 's/expose_php = .*/expose_php = Off/' \
  -e 's/display_errors = .*/display_errors = Off/' \
  /etc/php.ini
# php.ini is only read when the module starts, so httpd must be restarted.
systemctl restart httpd && systemctl status httpd -l